import { NextApiRequest, NextApiResponse } from 'next';

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  if (req.method !== 'POST') {
    return res.status(405).json({ message: 'Method Not Allowed' });
  }

  const { email, new_password, confirm_password, verification_code } = req.body;

  // 验证请求体
  if (!email || !new_password || !confirm_password || !verification_code) {
    return res.status(400).json({ message: 'Missing required fields' });
  }

  if (new_password !== confirm_password) {
    return res.status(400).json({ message: 'Passwords do not match' });
  }

  // 验证密码长度
  if (new_password.length < 8) {
    return res.status(400).json({ message: '密码长度必须至少为8位' });
  }

  try {
    // 这里应该有验证验证码是否正确的逻辑
    // 然后更新用户的密码
    // 为了演示，我们假设这些步骤都成功了

    res.status(200).json({ message: 'Password updated successfully' });
  } catch (error) {
    console.error('Error in set password:', error);
    res.status(400).json({ message: 'Failed to reset password' });
  }
}